Entangled secrets

Three years after its launch into Earth orbit, a Chinese satellite has steadily been extending the reach of an encryption technology that is practically unbreakable.

Nicknamed “Micius” by the researchers responsible for designing it, after a 4th Century BC philosopher, the Quantum Experiments at Space Scale (QUESS) satellite demonstrated it was possible for photons sharing quantum entanglement to convey data over 750km. By June this year, that distance had increased to 1200km.

Before the QUESS experiments began, researchers were unsure as to how far entanglement could be stretched. Now it looks as though satellites could let entangled states straddle continents.

So far, China is leading in the quest to build long-distance networks that use quantum entanglement to improve security rather than classical communications technologies. A year after Micius went into orbit, a consortium of research institutes completed a fibre-based ground network that ran from Beijing to Shanghai through Jinan and Hefei across a distance of almost 2000km.

In contrast to the direct communication between satellite and ground stations, the Beijing-Shanghai requires numerous relay stations. But both networks are pointing the way towards a radical change in the way encryption is used.

In 1984, Charles Bennett and Gilles Brassard unveiled what is now known as the BB84 protocol. It takes advantage of the Heisenberg uncertainty principle to detect third parties attempting to eavesdrop on private communications. The easiest mechanism for implementing BB84 is to use polarised light and then use polarisers arranged at different angles in front of detectors to spot them.

Consider two parties who want to communicate who, in the tradition of cryptography analysis, are called Alice and Bob. The sender, Alice, randomly switches between two types of polarisation when encoding a random stream of entangled photon pairs: either along a perpendicular axis or at a 45° angle. Bob, the receiver of one half of each pair also randomly swaps between these two types of polarisation when measuring. Only if both choose correctly will the measurement work. If Bob performs the wrong type of measurement, any subsequent attempt to confirm the polarisation will lead to a random, useless result.

For each bit received, Bob tells Alice which measurement basis he used and Alice will inform him which guesses. Bob’s records of the correct bits generate a ‘sifted key’. To check their communication is secure, Alice and Bob sample some bits from the sifted key and compare results.

If the results in the checked bits differ, it points to the presence of an eavesdropper on their link, disrupting the measurements that Alice and Bob attempt. If they find disruption, Alice and Bob then have to start again, possibly using a different link to avoid the eavesdropper. If they do not encounter errors, Alice and Bob now both have a private key that can be used to encrypt data sent over a classical channel.

BB84 itself does not require entanglement but numerous variants have appeared that have Alice create entangled pairs for measurement later rather than having her enforce a measurement basis on single photons before sending them. The satellite experiments have tended to focus on the use of entanglement.

Streamlining the processVarious forms of quantum key distribution (QKD) protocol have appeared that streamline the process of creating keys. With its need for sifting, BB84 key generation is not a fast process compared to the bandwidth of a photonic channel. One example is a protocol developed by Toshiba five years ago that calls on Bob alone to randomly pull bits from trains of coherent pulses without involving Alice. The developers claimed the protocol gives eavesdroppers almost no chance of decoding a key.

In 2018, they claimed the key-generation rate could be pushed into tens of megabits per second with the help of FPGA-based hardware accelerators.

Theoretically, QKD using BB84 provides users with practical access to one-time pads. Claude Shannon proved in 1945 that a key generated entirely randomly and used only once is practically uncrackable. The problem in the past is finding a secure way to get the pads into the hands of receivers without risking them being uncovered by hackers.

While QKD provides a suitably secure mechanism, both distance and speed remain stumbling blocks for the technique but experiments such as those performed by QUESS are showing that space-based networks could transmit keys around the world, albeit not at the speed you would need for highly secure video. The practical key distribution rate is orders of magnitude lower than the channel’s bandwidth.Applications of QKD, up to now, have not required high throughput for the keys.

Although China is pushing the technology hard, high update rates may not be necessary. Having a key that changes several times a minute can be enough to provide sufficient confidence of security. QKD was used in this way more than a decade ago in Switzerland to protect voting data from the country’s elections. Since then, banks have made limited use of the technology to protect data being replicated across sites for disaster recovery. Other near-term applications will most likely not go down the road of the one-time pad. Instead, QKD may simply provide a mechanism for getting the sensitive private keys needed for conventional cryptography into the hands of users without today’s requirement to generate them in situ simply to avoid the possibility of eavesdropping.

There remains one major snag. Although vagaries in hardware design could lead to side-channel attacks should a hacker gain access to equipment, QKD is extremely difficult to compromise in the case of direct communication. But limits on distance open up other attack possibilities. The QUESS experiments have shown satellite-based networks will be effective but they will need multiple hops to get keys to where they need to go. It actually gets worse on the ground.

Dispersion in fibre leads to entanglement being lost over distances of more than 150km: the Beijing-Shanghai network has no less than 30 relay stations. Each one has to decode and store keys locally before sending them on their next hop. This provides hackers with a possible weak link in the chain. Gain access to a relay and you have access to the keys flowing through it.

Above: The BB44 protocol devised back in 1984 by Charles Bennett and Gilles Brassard looks to detect third party attempts to eavesdrop on private communications

One option to get around the need for trusted relay nodes is to use quantum repeaters. They do not need to resolve quantum states in order to send a qubit over the next hop. The bad news is that they would most likely not work with relatively simple state measurements based on polarisation. There is also a cost.

Today’s best option for a repeater is a mechanism that swaps quantum states across independent links. The process barely works today and will probably increase losses compared to direct links, putting further dents in the key-update rate. In the short-term, users will most likely tolerate the notional insecurity of store-and-forward networks on the basis that QKD will be operated on telecom backbones using exchanges that boast high levels of physical security.

Although China has spent heavily on advancing QKD over the past decade, other regions are accelerating their work on the technology. A year ago, the European Space Agency (ESA) contracted a consortium led by UK-based start-up ArQit to develop the continent’s answer to Micius. As with the QUESS experiments, the experimental satellite will exchange quantum-entangled photons with ground stations. The consortium expects to have the cubesat – which is much smaller than the 600kg Micius – in orbit and ready to work by the end of 2021. The ultimate aim is a global network of QKD relay satellites that can support international communication.

QKD pioneer ID Quantique, which worked on the Swiss elections project, is helping a different satellite project called QUARTZ. This will have the satellites generate keys and beam them to Earth. Another QKD specialist, Australia-based QuintessenceLabs has used its experience of the technology to create more efficient random-number generators, as well as working space and defence agencies of Switzerland and Australia on their own experiments into space-borne QKD networks.

Because of the emphasis on satellite communications and backbone networks, QKD is unlikely to become a mass market for manufacturers of laser and filter components. But it is slowly becoming a commercial reality.